Acceptable use policy

What you can't do with Cruma.

Version 1.0 · Effective May 15, 2026

This Acceptable Use Policy ("AUP") is part of the Cruma Terms of Service. Violating it is a violation of the Terms and can result in suspension or termination of your account. The AUP can be updated independently of the Terms — changes apply on posting.

1 · Prohibited content

Don't use Cruma to create, transmit, store, or distribute:

Content that is illegal in your jurisdiction or the recipient's.
Content that infringes intellectual-property, privacy, or publicity rights.
Malware, viruses, ransomware, or any code designed to disrupt, damage, or gain unauthorized access.
CSAM or any content that exploits minors. We report this to NCMEC and law enforcement, no exceptions.
Content that promotes terrorism, violent extremism, or organized harm.
Content designed to deceive recipients about its origin, sender, or purpose.

2 · Prohibited messaging

Don't use Cruma to send:

Spam — unsolicited bulk messaging that violates CAN-SPAM, CASL, GDPR/ePrivacy, or any applicable anti-spam law.
Phishing — messages designed to trick recipients into giving up credentials, payment info, or other sensitive data.
Impersonation — messages pretending to be from a person, company, or government entity you don't have authority to represent.
Harassment — repeated, unwanted contact with someone who has asked to stop, or threats of harm.
Fraud — pyramid schemes, get-rich-quick offers, fake invoices, false-pretense outreach.
Affinity-targeting attacks — messages weaponizing race, religion, sexual orientation, gender, disability, or other protected characteristic.

What this meansCruma is for outreach you'd be proud to put your name on, in markets where the recipient has a reasonable basis to expect contact. Volume sprays to scraped lists, deceptive bait-and-switch, and harassment aren't the product.

3 · Prohibited targeting

Don't load contact lists you obtained illegally (purchased without lawful basis, scraped in violation of platform terms, leaked, breached, or otherwise tainted).
Don't load contacts for whom you don't have a lawful basis to contact under the recipient's applicable law.
Don't load contacts who have asked you to stop, or who appear on a global suppression list (DMA, ECOA, etc.).
Don't use Cruma to target political races, voter outreach, or election-adjacent activity without independent legal review.

4 · Don't bypass safeguards

Don't bypass, disable, or work around the approval rail, send guard, suppression list, or frequency caps — including by automating clicks on approvals you have not actually reviewed.
Don't share approval-rail access with bots, scripts, or unattended automation.
Don't use Cruma to fan out messaging across multiple Gmail accounts in a way intended to evade per-account sending limits or warm-up reputation.

5 · LinkedIn specifically

Cruma's LinkedIn signals route through a licensed third-party broker. You may not:

Configure Cruma to scrape LinkedIn from your authenticated session.
Use Cruma in any way that violates the LinkedIn User Agreement.
Use Cruma to operate LinkedIn accounts on behalf of others (paid promotion, social-engagement farming, etc.).

6 · Don't scrape Cruma, reverse-engineer, or build a competitor

Don't scrape, crawl, or programmatically extract Cruma's UI, prompts, model outputs at scale, or skill definitions.
Don't reverse-engineer, decompile, or attempt to extract source code, model weights, prompts, or training data from the Service — except where applicable law expressly permits.
Don't use the Service to develop, train, or improve a competing product or AI system.
Don't probe, attack, or interfere with the Service's security, availability, or integrity (DoS, credential stuffing, etc.). Security research conducted under our vulnerability disclosure policy is welcomed.

7 · AI disclosure in regulated contexts

Don't use Cruma to produce content that you then represent as human-authored in a context where the distinction is legally required — for example, political-advertising disclosures, mandated AI-disclosure regimes (EU AI Act, California AB 2013), regulated financial advice, or therapeutic / medical advice. If a law requires "this content was produced with AI assistance," say so.

8 · Enforcement & reporting

We may, in our reasonable judgment and where practical with notice, suspend or terminate access for AUP violations. Egregious violations (CSAM, ongoing phishing operations, malware distribution) result in immediate termination and may be reported to law enforcement.

To report a violation by another Cruma user, email abuse@cruma.ai.

9 · Contact

Questions about whether a use is acceptable: legal@cruma.ai. We'd rather answer in advance than have to enforce after.